[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster MS-2002a - 47 candidates



I am proposing cluster MS-2002a for review and voting by the
Editorial Board.

Name: MS-2002a
Description: CANs from Microsoft advisories from Aug 2002 to Feb 2003
Size: 47

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft
FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote
attackers to cause a denial of service (CPU consumption) or run
arbitrary code, respectively, via a certain type of web file request.

Analysis
----------------
ED_PRI CAN-2002-0692 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php

The HTML Help facility in Microsoft Windows 98, 98 Second Edition,
Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows
2000, and Windows XP uses the Local Computer Security Zone when
opening .chm files from the Temporary Internet Files folder, which
allows remote attackers to execute arbitrary code via HTML mail that
references or inserts a malicious .chm file containing shortcuts that
can be executed, aka "Code Execution via Compiled HTML Help File."

Analysis
----------------
ED_PRI CAN-2002-0694 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633

Microsoft Visual FoxPro 6.0 does not register its associated files
with Internet Explorer, which allows remote attackers to execute
Visual FoxPro applications without warning via HTML that references
specially-crafted filenames.

Analysis
----------------
ED_PRI CAN-2002-0696 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP
allows remote attackers to cause a denial of service (crash) when
Remote Desktop is enabled via a PDU Confirm Active data packet that
does not set the Pattern BLT command, aka "Denial of Service in
Remote Desktop."

Analysis
----------------
ED_PRI CAN-2002-0864 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752

A certain class that supports XML (Extensible Markup Language) in
Microsoft Virtual Machine (VM) 5.0.3805 and earlier exposes certain
unsafe methods, which allows remote attackers to execute unsafe code
via a Java applet, aka "Inappropriate Methods Exposed in XML Support
Classes."

Analysis
----------------
ED_PRI CAN-2002-0865 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine
(VM) up to and including 5.0.3805 allow remote attackers to load and
execute DLLs (dynamic link libraries) via a Java applet that calls the
constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL
terminated by a null string, aka "DLL Execution via JDBC Classes."

Analysis
----------------
ED_PRI CAN-2002-0866 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to cause a denial of service (crash) in
Internet Explorer via invalid handle data in a Java applet, aka
"Handle Validation Flaw."

Analysis
----------------
ED_PRI CAN-2002-0867 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Buffer overflow in the authentication function for Microsoft SQL
Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote
attackers to execute arbitrary code via a long request to TCP port
1433, aka the "Hello" overflow.

Analysis
----------------
ED_PRI CAN-2002-1123 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp

Buffer overflow in the Database Console Command (DBCC) that handles
user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft
Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000,
allows attackers to execute arbitrary code via a long SourceDB
argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of
CAN-2002-0644.

Analysis
----------------
ED_PRI CAN-2002-1137 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine
(MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output
files for scheduled jobs under its own privileges instead of the
entity that launched it, which allows attackers to overwrite system
files, aka "Flaw in Output File Handling for Scheduled Jobs."

Analysis
----------------
ED_PRI CAN-2002-1138 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876

The Compressed Folders feature in Microsoft Windows 98 with Plus!
Pack, Windows Me, and Windows XP does not properly check the
destination folder during the decompression of ZIP files, which allows
attackers to place an executable file in a known location on a user's
system, aka "Incorrect Target Path for Zipped File Decompression."

Analysis
----------------
ED_PRI CAN-2002-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as
implemented on Microsoft Windows NT4, 2000, and XP, allows remote
attackers to cause a denial of service (service hang) via malformed
packet fragments, aka "Improper parameter size check leading to denial
of service."

Analysis
----------------
ED_PRI CAN-2002-1140 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880

An input validation error in the Sun Microsystems RPC library Services
for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4,
2000, and XP, allows remote attackers to cause a denial of service via
malformed fragmented RPC client packets, aka "Denial of service by
sending an invalid RPC request."

Analysis
----------------
ED_PRI CAN-2002-1141 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp

Heap-based buffer overflow in the Remote Data Services (RDS) component
of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and
Internet Explorer 5.01 through 6.0, allows remote attackers to execute
code via a malformed HTTP request to the Data Stub.

Analysis
----------------
ED_PRI CAN-2002-1142 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook
Express 5.5 and 6.0 allows remote attackers to execute arbitrary code
via a digitally signed email with a long "From" address, which
triggers the overflow when the user views or previews the message.

Analysis
----------------
ED_PRI CAN-2002-1179 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php

A typographical error in the script source access permissions for
Internet Information Server (IIS) 5.0 does not properly exclude .COM
files, which allows attackers with only write permissions to upload
malicious .COM files, aka "Script Source Access Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1180 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service
(crash) via malformed WebDAV requests that cause a large amount of
memory to be assigned.

Analysis
----------------
ED_PRI CAN-2002-1182 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the
Basic Constraints of digital certificates, allowing remote attackers
to execute code, aka "New Variant of Certificate Validation Flaw Could
Enable Identity Spoofing" (CAN-2002-0862).

Analysis
----------------
ED_PRI CAN-2002-1183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp

The system root folder of Microsoft Windows 2000 has default
permissions of Everyone group with Full access (Everyone:F) and is in
the search path when locating programs during login or application
launch from the desktop, which could allow attackers to gain
privileges as other users via Trojan horse programs.

Analysis
----------------
ED_PRI CAN-2002-1184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216

Internet Explorer 5.01 through 6.0 does not properly check certain
parameters of a PNG file when opening it, which allows remote
attackers to cause a denial of service (crash) by triggering a
heap-based buffer overflow using invalid length codes during
decompression, aka "Malformed PNG Image File Failure."

Analysis
----------------
ED_PRI CAN-2002-1185 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610

Internet Explorer 5.01 through 6.0 does not properly perform security
checks on certain encoded characters within a URL, which allows a
remote attacker to steal potentially sensitive information from a user
by redirecting the user to another site that has that information, aka
"Encoded Characters Information Disclosure."

Analysis
----------------
ED_PRI CAN-2002-1186 1
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution (10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01
through 6.0 allows remote attackers to read and execute files on the
local system via web pages using the <frame> or <iframe> element and
javascript, aka "Frames Cross Site Scripting," as demonstrated using
the PrivacyPolicy.dlg resource.

Analysis
----------------
ED_PRI CAN-2002-1187 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php

Internet Explorer 5.01 through 6.0 allows remote attackers to identify
the path to the Temporary Internet Files folder and obtain user
information such as cookies via certain uses of the OBJECT tag, which
are not subjected to the proper security checks, aka "Temporary
Internet Files folders Name Reading."

Analysis
----------------
ED_PRI CAN-2002-1188 1
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
Reference: XF:win-pptp-packet-bo (10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php
Reference: BID:5807
Reference: URL:http://online.securityfocus.com/bid/5807

Buffer overflow in Microsoft PPTP Service on Windows XP and Windows
2000 allows remote attackers to cause a denial of service (hang) and
possibly execute arbitrary code via a certain PPTP packet with
malformed control data.

Analysis
----------------
ED_PRI CAN-2002-1214 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: MISC:http://getad.chat.ru/
Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
Reference: MS:MS02-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
Reference: BID:5927
Reference: URL:http://online.securityfocus.com/bid/5927
Reference: XF:win-netdde-gain-privileges(10343)
Reference: URL:http://www.iss.net/security_center/static/10343.php

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows
2000, and Windows XP allows local users to execute arbitrary code as
LocalSystem via "shatter" style attack by sending a WM_COPYDATA
message followed by a WM_TIMER message, as demonstrated by GetAd, aka
"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation."

Analysis
----------------
ED_PRI CAN-2002-1230 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp

Microsoft Outlook 2002 allows remote attackers to cause a denial of
service (repeated failure) via an email message with a certain invalid
header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail
Header Processing Flaw Could Cause Outlook 2002 to Fail."

Analysis
----------------
ED_PRI CAN-2002-1255 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-070
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp

The SMB signing capability in the Server Message Block (SMB) protocol
in Microsoft Windows 2000 and Windows XP allows attackers to disable
the digital signing settings in an SMB session to force the data to be
sent unsigned, then inject data into the session without detection,
e.g. by modifying group policy information sent from a domain
controller.

Analysis
----------------
ED_PRI CAN-2002-1256 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

Microsoft Virtual Machine (VM) up to and including build 5.0.3805
allows remote attackers to execute arbitrary code by including a Java
applet that invokes COM (Component Object Model) objects in a web site
or an HTML mail.

Analysis
----------------
ED_PRI CAN-2002-1257 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual
Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass
security checks and access database contents via an untrusted Java
applet.

Analysis
----------------
ED_PRI CAN-2002-1260 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021125 RE: MS02-066 - fixes, gaps and incorrect statements
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825484331857&w=2
Reference: NTBUGTRAQ:20021125 Re: MS02-066 - fixes, gaps and incorrect statements
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103824668621672&w=2
Reference: MS:MS02-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-068.asp
Reference: BUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103910416824172&w=2
Reference: NTBUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103909877717345&w=2

Internet Explorer 5.5 and 6.0 does not perform complete security
checks on external caching, which allows remote attackers to read
arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1262 1
Vendor Acknowledgement: yes advisory

ACCURACY: While the advisory is vague, Microsoft has confirmed that it
addresses the external caching problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as
used in Internet Explorer, allows remote attackers to extend the
Standard Security Manager (SSM) class
(com.ms.security.StandardSecurityManager) and bypass intended
StandardSecurityManager restrictions by modifying the (1)
deniedDefinitionPackages or (2) deniedAccessPackages settings, causing
a denial of service by adding Java applets to the list of applets that
are prevented from running.

Analysis
----------------
ED_PRI CAN-2002-1292 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Microsoft Java implementation, as used in Internet Explorer,
allows remote attackers to cause a denial of service (crash) and
possibly conduct other unauthorized activities via applet tags in HTML
that bypass Java class restrictions (such as private constructors) by
providing the class name in the code parameter, aka "Incomplete Java
Object Instantiation Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1295 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6380
Reference: URL:http://online.securityfocus.com/bid/6380

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows
remote attackers to determine a local user's username via a Java
applet that accesses the user.dir system property, aka "User.dir
Exposure Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1325 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20021007 CSS on Microsoft Content Management Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417794800719&w=2
Reference: MS:MS03-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-002.asp
Reference: BID:5922
Reference: URL:http://online.securityfocus.com/bid/5922
Reference: XF:mcms-manuallogin-reasontxt-xss (10318)
Reference: URL:http://www.iss.net/security_center/static/10318.php

Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for
Microsoft Content Management Server (MCMS) 2001 allows remote
attackers to execute arbitrary script via the REASONTXT parameter.

Analysis
----------------
ED_PRI CAN-2003-0002 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Reference: XF:winxp-windows-redirector-bo(11260)
Reference: URL:http://www.iss.net/security_center/static/11260.php

Buffer overflow in the Windows Redirector function in Microsoft
Windows XP allows local users to execute arbitrary code via a long
parameter.

Analysis
----------------
ED_PRI CAN-2003-0004 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-003.asp

Microsoft Outlook 2002 does not properly handle requests to encrypt
email messages with V1 Exchange Server Security certificates, which
causes Outlook to send the email in plaintext, aka "Flaw in how
Outlook 2002 handles V1 Exchange Server Security Certificates could
lead to Information Disclosure."

Analysis
----------------
ED_PRI CAN-2003-0007 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-006.asp
Reference: BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636383018686&w=2
Reference: XF:winme-hsc-hcp-bo(11425)
Reference: URL:http://www.iss.net/security_center/static/11425.php

Cross-site scripting (XSS) vulnerability in Help and Support Center
for Microsoft Windows Me allows remote attackers to execute arbitrary
script in the Local Computer security context via an hcp:// URL with
the malicious script in the topic parameter.

Analysis
----------------
ED_PRI CAN-2003-0009 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers
to bypass the cross-domain security model to run malicious script or
arbitrary programs via dialog boxes, aka "Improper Cross Domain
Security Validation with dialog box."

Analysis
----------------
ED_PRI CAN-2003-1326 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference: URL:http://www.iss.net/security_center/static/11259.php

The showHelp() function in Microsoft Internet Explorer 5.5 and 6.0
supports certain types of pluggable protocols that allow remote
attackers to bypass the cross-domain security model and execute
arbitrary code, aka "Improper Cross Domain Security Validation with
ShowHelp functionality."

Analysis
----------------
ED_PRI CAN-2003-1328 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0693
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: BUGTRAQ:20021003 Buffer Overflow in IE/Outlook HTML Help
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103365849505409&w=2
Reference: BUGTRAQ:20021009 Thor Larholm security advisory TL#004
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419115517344&w=2
Reference: BUGTRAQ:20021010 prover of concept code of windows help overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435279404182&w=2
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-html-help-bo(10253)
Reference: URL:http://www.iss.net/security_center/static/10253.php
Reference: BID:5874
Reference: URL:http://www.securityfocus.com/bid/5874

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in
Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0,
NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows
remote attackers to execute code via (1) a long parameter to the Alink
function, or (2) script containing a long argument to the showHelp
function.

Analysis
----------------
ED_PRI CAN-2002-0693 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: Microsoft stated via e-mail that both issues are fixed
and they trace to the same vulnerable code.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020812 IE SSL Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918200405308&w=2
Reference: BUGTRAQ:20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102976967730450&w=2
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy,
and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft
products including Microsoft Windows 98 through XP, Office for Mac,
Internet Explorer for Mac, and Outlook Express for Mac, do not
properly verify the Basic Constraints of intermediate CA-signed X.509
certificates, which allows remote attackers to spoof the certificates
of trusted sites via a man-in-the-middle attack for SSL sessions, as
originally reported for Internet Explorer and IIS.

Analysis
----------------
ED_PRI CAN-2002-0862 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-0828 is an early report of this issue (due to
non-coordinated discovery).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows Remote Desktop Protocol checksum and keystroke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235960119404&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:win-rdp-checksum-leak(10121)
Reference: URL:http://www.iss.net/security_center/static/10121.php

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and
RDP 5.1 in Windows XP does not encrypt the checksums of plaintext
session data, which could allow a remote attacker to determine the
contents of encrypted sessions via sniffing, aka "Weak Encryption in
RDP Protocol."

Analysis
----------------
ED_PRI CAN-2002-0863 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MISC:http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
Reference: VULNWATCH:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
Reference: BUGTRAQ:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642839205574&w=2
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-outofprocess-privilege-elevation(10502)
Reference: URL:http://www.iss.net/security_center/static/10502.php

Unknown vulnerability in the hosting process (dllhost.exe) for
Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows
remote attackers to gain privileges by executing an out of process
application that acquires LocalSystem privileges, aka "Out of Process
Privilege Elevation."

Analysis
----------------
ED_PRI CAN-2002-0869 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487044122900&w=2
Reference: NTBUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103486356413404&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-webtasks.txt
Reference: MS:MS02-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-061.asp
Reference: XF:mssql-webtask-gain-privileges(10388)
Reference: URL:http://www.iss.net/security_center/static/10388.php
Reference: BID:5980
Reference: URL:http://www.securityfocus.com/bid/5980

The xp_runwebtask stored procedure in the Web Tasks component of
Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0,
and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC,
which allows an attacker to gain privileges by updating a webtask that
is owned by the database owner through the msdb.dbo.mswebtasks table,
which does not have strong permissions.

Analysis
----------------
ED_PRI CAN-2002-1145 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103651224215736&w=2
Reference: MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-admin-pages-xss(10501)
Reference: URL:http://www.iss.net/security_center/static/10501.php

Multiple cross-site scripting (XSS) vulnerabilities in the
administrative web pages for Microsoft Internet Information Server
(IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as
other users through (1) a certain ASP file in the IISHELP virtual
directory, or (2) possibly other unknown attack vectors.

Analysis
----------------
ED_PRI CAN-2002-1181 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION/ACCURACY: The Microsoft advisory alludes to multiple XSS
issues, but the SNS advisory only gives one particular attack vector.
Due to the lack of details in the Microsoft advisory, it is not clear
whether other pages or attack vectors exist.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021022 Vulnerable cached objects in IE (9 advisories in 1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103530131201191&w=2
Reference: MISC:http://security.greymagic.com/adv/gm012-ie/
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the
cross-domain security model and access information on the local system
or in other domains, and possibly execute code, via cached methods and
objects, aka "Cross Domain Verification via Cached Methods."

Analysis
----------------
ED_PRI CAN-2002-1254 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: Microsoft confirmed via email that this item addresses the
specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and
including build 5.0.3805, as used in Internet Explorer and other
applications, allow remote attackers to read files via a Java applet
with a spoofed location in the CODEBASE parameter in the APPLET tag,
possibly due to a parsing error.

Analysis
----------------
ED_PRI CAN-2002-1258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007